[co-author: Cullen Allen]*
Following the Freedom of Information Act (FOIA) litigation brought against the Federal Deposit Insurance Corporation (FDIC) in 2024,[1] on February 5, 2025, the FDIC released hundreds of pages of documents related to its supervision of banks that engaged in, or sought to engage in, crypto-related activities during the last administration. Acting Chairman Hill’s decision to release these documents reflected “a commitment to enhance transparency, beyond what is required by the [FOIA], while also attempting to fulfill the spirit of the FOIA request.”[2]
To date, the prevailing narrative surrounding this release has focused on the “debanking” debate, and the messages of near universal resistance by the prior administration towards banks engaging in any crypto-asset activity. The current administration has adopted a markedly different position towards crypto.[3] Following the President’s Executive Order on Digital Assets, federal banking regulators no longer require banks to receive prior approval (or a written supervisory nonobjection) to engage in permissible crypto-activities.[4]
The focus on debanking, however, misses the most valuable nuggets of information tucked within the FDIC release. A close read of the 25 Redacted Pause Letters (FOIA Letters) issued to 24 FDIC-supervised institutions not only offers important supervisory insights on how banks should scope, evaluate, and manage the risks associated with certain crypto activities, but also signals the need for regulators to regularly and proactively share more of these kinds of (anonymized) supervisory insights.[5]
Background
The crypto activities subject of the FOIA Letters primarily cover banks’ interest in offering digital asset custody and execution services (C&E Services) for bank customers. Banks have proposed to offer C&E Services either directly or in partnership with an integrated third-party platform. Custody services enable customers to hold crypto assets in a digital wallet, while execution services facilitate the buying and selling of these assets. The proposed partnerships between banks and trading platforms would be designed to streamline cryptocurrency transactions, allowing customers to quickly buy and sell digital currencies with funds flowing from their accounts at the bank.
While the FOIA Letters contain valuable insights regarding appropriate risk management of these and other crypto activities (summarized below) there are several caveats: (i) our analysis is derived from redacted letters, and therefore may not provide a complete picture of the proposed crypto activities; and (ii) each FDIC response offers guidance based on specific facts and circumstances unique to the supervised institution, and together they may not be broadly indicative of how the FDIC (or any banking regulator) would treat the same type of activity in every case.
Nevertheless, the risk management framework and areas for additional follow-up described by the FDIC in these letters are helpful guides as banks seek to reengage in these or related crypto activities, assess legal permissibility, and address safety and soundness concerns.
FOIA Letters Themes
The FOIA Letters can be grouped into the following five general themes:
- Refrain from expanding the activity (9 letters).
- Pause or do not provide the activity entirely until further notice (7 letters).
- Provide more information in advance of service implementation (6 letters).
- Pause all crypto activities until further notice (2 letters).
- Notify the FDIC of any future modifications to the service without any pause or discontinuation of current crypto activity (1 letter).
Distribution of FOIA Letters Across FDIC Regions
The map below illustrates each FDIC region followed by the related percentage of corresponding FDIC responses from the FOIA Letters.
FDIC responses from varying regional offices were generally consistent across the proposed crypto activities, with some exceptions. In three instances — two issued from the Chicago Region and one from the Dallas Region — where the bank had already launched a third-party C&E Services function on the bank’s digital banking platform, the FDIC asked for a pause in expansion of the activity, but did not request the service be discontinued for existing users. By contrast, two responses from the Dallas Region requested a pause of all crypto activities after banks sought to integrate third party crypto interfaces in their digital banking platforms.
One bank informed the FDIC of its intent to provide account services for a customer seeking to hold stablecoin reserves. The New York Region asked the bank to refrain from all crypto activity until further guidance.
Also of note, the FDIC did not request any pause or discontinuance of one bank’s plan to implement internal, closed-loop blockchain transactions for bank clients. The FDIC asked for immediate notification if the bank planned to expand this activity beyond its bank clients.
The FDIC’s top concerns across all the FOIA Letters were:
- Consumer privacy.
- Managing financial risks associated with bank assets.
- The need for clear operational and governance processes.
- Detail on key participants and key personnel involved in the crypto activity.
- The bank’s risk assessment of the proposed activity.
- The need for due diligence on the third party facilitating the crypto activity.
Conclusion and Recommendation
The supervisory insights found in the FOIA Letters will be helpful to banks seeking to reengage in crypto asset activities, particularly in the absence of any more specific guidance by U.S. banking regulators. In fact, banks looking to engage in these activities would benefit from the FDIC collecting and generalizing the guidance provided by the FOIA Letters. There is no substitute for the front-line experience reflected in these letters, and only the regulators themselves are positioned to share this information. By proactively offering supervisory insights, regulators can both improve efficiency and preserve safety and soundness as banks embark on new activities.
Our recommendation should not require an entirely new process; banking regulators have long established methods for providing current supervisory insights to the market. It is unclear, however, whether these methods are being regularly used (if at all). For example, the FDIC issues a Supervisory Insights Publication, but it was last released in Summer 2022, and it contained no material on bank-fintech partnerships. The Federal Reserve provides their general supervisory updates through its Most Frequently Asked Questions. The OCC issues quarterly, semi-annual, and annual updates of selected themes in its Supervision and Examination Publications. We recommend that regulators revive these channels to include anonymized feedback that would be most useful for supervised institutions and their third parties to gain a better understanding of relevant supervisory considerations.
In the meantime, crypto activity and other fintech arrangements will continue to grow, and banking services will need to thoughtfully evolve to address attendant risks. Anticipatory guidance by regulators — not brought about by FOIA litigation — is a sensible next step.
*Summer Associate
[1] Hist. Assocs. Inc. v. FDIC, 1:24-cv-1857-ACR (D.D.C.).
[2] Hill, Travis, FDIC Releases Documents Related to Supervision of Crypto-Related Activities, FDIC (Feb. 5, 2025).
[3] For example, in April 2025, the FDIC and the Federal Reserve System withdrew two joint statements concerning bank engagement in crypto operations. They each noted that banks can undertake permissible blockchain activities that are otherwise consistent with applicable laws and regulations. On April 8, 2025, the FDIC Acting Chairman Travis Hill gave a speech at the American Bankers Association Summit in Washington, and stated, “the FDIC would adopt a more open-minded approach to innovation—including with respect to digital assets and blockchain.”
[4]The FDIC released FIL-7-2025 on March 28, 2025, clarifying that supervised institutions may engage in permissible crypto-related activities without prior FDIC approval and rescinding FIL-16-2022, which had set a prior notification requirement for FDIC-supervised institutions seeking to engage in crypto activities.
[5] The FOIA Letters are available in the FDIC’s FOIA Reading Room.
[6] FDIC’s Redacted Pause Letters at 78, Hist. Assocs. Inc., No. 1:24-cv-1857-ACR (D.D.C. Jan. 3, 2025).
[7] Id. at 70.
[8] Id. at 3, 13, 29, 34, 37, 39, 42, 49, 52, 58, 61, 65, 73.
[9] Id. at 10, 21.
[10] Id. at 49.
[11] Id. at 5.
